Keys of audit events in the Authentication group

Authentication events that occur in KSMG 2.1.1 are recorded in the Audit Log if audit event logging is enabled in Event Log settings.

The keys listed in the following table are used in the bodies of syslog messages of audit events in the Authentication group.

Possible values of fields for keys of Authentication group audit events

| Key | Value |
|---|---|
| event-type | The value is always authentication. |
| event | The value is always authentication_attempt. |
| auth-type | Authentication type. Possible values: Local, Krb, NTLM |
| error-id | Logged only if authentication fails. Possible values: AuthFailed, LoginAttemptsExceed, PasswordExpired, PasswordReset, NTLMServersNotAvailable, Unknown |
| error-message | Logged only if authentication fails. Possible values: Authentication failed, Login attempts exceeded, Password expired, Should change password, NTLM servers are not available, Unknown error occurs |
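As an added example (not Kaspersky's code), the following Python checks Authentication audit message bodies against the keys and values listed above, tallies failures per error-id, and reports events whose values fall outside the documented sets. The key="value" body layout and the sample lines are assumptions constructed for illustration; this page does not show the wire format.

```python
import re
from collections import Counter

# Allowed values, copied from the table on this page.
AUTH_TYPES = {"Local", "Krb", "NTLM"}
ERROR_IDS = {"AuthFailed", "LoginAttemptsExceed", "PasswordExpired",
             "PasswordReset", "NTLMServersNotAvailable", "Unknown"}
# ASSUMPTION: the body carries key="value" (or bare key=value) pairs.
PAIR = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')

def parse_body(body):
    """Return the key/value pairs found in one syslog message body."""
    return {k: q if q else b for k, q, b in PAIR.findall(body)}

def classify(fields):
    """Return (outcome, problems) for one parsed event.
    outcome is None (other event group), "success" or "failure"."""
    if fields.get("event-type") != "authentication":
        return None, []
    problems = []
    if fields.get("event") != "authentication_attempt":
        problems.append("unexpected event")
    if fields.get("auth-type") not in AUTH_TYPES:
        problems.append("unexpected auth-type")
    error_id = fields.get("error-id")
    if error_id is None:
        # error-id is logged only on failure, so its absence is read as success
        return "success", problems
    if error_id not in ERROR_IDS:
        problems.append("unexpected error-id")
    return "failure", problems

def summarize(bodies):
    """Tally failures per error-id and collect events that break the schema."""
    failures, anomalies = Counter(), []
    for body in bodies:
        fields = parse_body(body)
        outcome, problems = classify(fields)
        if outcome == "failure":
            failures[fields["error-id"]] += 1
        if problems:
            anomalies.append((body, problems))
    return failures, anomalies

# Constructed sample bodies (not captured from a real KSMG instance).
P = 'event-type="authentication" event="authentication_attempt" '
SAMPLE = [P + 'auth-type="Local"',
          P + 'auth-type="NTLM" error-id="AuthFailed" error-message="Authentication failed"',
          P + 'auth-type="Local" error-id="LoginAttemptsExceed"',
          P + 'auth-type="LDAP" error-id="Timeout"']
```

Anomalies are worth alerting on separately from failures: a value outside the documented sets usually means a parser mismatch or a product version whose key set differs from this table.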
